Don't let your Vera controller be web-accessible

bp2008

Mar 10, 2014
I just came across a large list of vulnerabilities in the Vera Z-Wave controller:

https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt


Apparently most of this is by design and will not be changing, so remember to never port forward to your Vera box if you have one!
 
Yes, it would be pretty obviously a bad idea to port forward one of these I suppose since they don't apparently require authentication for anything. But not even all the attacks listed there require your Vera to be web accessible. Some work just by getting you to open a malicious web page from a PC that can talk to your Vera over the LAN.